We have years of experience in providing information assurance and information risk management services to all kinds of businesses. It does not matter whether you run a small start-up company or a large corporation, we will ensure your assets are protected and maintained efficiently. Our aim is to find the best form of protection for your business and provide you with the means to manage risks effectively in order to minimise financial costs and prevent damage to your reputation.

Cookie Policy

A cookie is a small file which asks permission to be placed on your computers hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Energy and Utilities Sector

The modern world is now reliant on electricity; societal support systems and Critical Infrastructure (CI) are dependent on electricity to power and sustain transportation networks, food and water processing, manufacturing and telecommunications systems across the world. Consequently, the energy sector will always be of strategic importance, afforded the investment and protection of nations, concluded in the vast fiscal investment for energy networks and their associated systems.

Cyber Security for the Energy Sector

The energy sector, and the multitude of industry-based organisations that comprise it, has become reliant not just on IT-based systems, for email, customer engagement, sales and marketing but also on other technologies, those for the control of their cyber-physical systems, such as wind and solar powered generators. Renewable energy systems, are exposed to accidental and unauthorised error just as other systems are, and it should not be a surprise to learn that in the modern age, many of these actions have a direct or indirect computer-network or “cyber” aspect to them.

In 2010, The Right Honourable Nick Harvey MP gave a keynote speech to Chatham House about modern cyber-based threats and stated that "Wherever he expands his dominance, whether it be on land, sea or air, or whether it be in cyber space, mankind carries his essential nature with him". The optimism and opportunity for technology to present great advances for society and industry are, unfortunately, tempered with the openness for Computer Network Exploitation and espionage (CNE) and Computer Network Attack (CNA), which are no longer a cause of mere speculation; as detailed in the world media and in this report, the energy sector has been widely targeted for espionage and cyber-attack planning, and more. Some intrusions will leave little or no trace of damage, or attribution; however, some intrusions can, and have, caused accidental or deliberate damage to the operational capability of systems, including using computer-network and cyber vectors to cause physical damage.

In December 2015, two stories made the world media headlines; one related to a smelting furnace in Germany that had been irrevocably damaged through hacking, and the other being a well-planned, co-ordinated and highly sophisticated cyber-attack on the Ukrainian power grid, the first such confirmed cyber-attack on a civilian electric power infrastructure, which post-event evidence indicates was conducted by highly capable and motivated adversary.

Over the last 10 years, cyber intrusions have increased and they show no trend of subsiding in the near future; the potential for damage to energy systems through espionage and cyber-attack is no longer speculation. Indeed, there is now a growing and mature body of evidence of cyber intrusion, reconnaissance and wilful damage across the global energy sector.

Critical infrastructure, the systems and equipment that provide critical services to society, such as electricity, are becoming ever more complex and reliant on modern technology, especially computer networks and advanced programmable devices; not so long ago, critical infrastructure operated in isolation. Now these systems are commonly interconnected and operate in an interdependent manner; a problem with one system may cascade and impact aspects of another, and so understanding systemic risk is of principal importance.

Organisations that understand and effectively manage their risks may not only be better protected from harm, they could also use their strengthened capability to shape a marketplace competitive advantage to identify opportunity and prospects to drive confidence and prosperity.

Stratia Consulting has recent and direct experience of the energy sector and is in a prime position to support and facilitate our clients to better understand and respond to the risks, and opportunities, of the complex and evolving challenges of cyber security across the energy sector. Please feel free to contact us for more information.

Cyber Security for the Renewable Energy Sector

“

for the first time in more than 30 years, America’s nuclear plants have fallen behind wind farms, solar panels and other renewable energy suppliers as a source of electricity.

”

Increasingly, renewable energy systems are playing an important role in the production of electricity worldwide, mainly due to its environmentally friendly nature; wind and solar power is CO2-neutral, and unlike fossil fuels there is an unlimited supply; furthermore, harnessing the power of the wind and sun requires much less exploration, mining or production investment than fossil fuels.

Renewable energy was once considered to be an unlikely solution to global energy needs. The sector has however, rapidly expanded across the world to become a credible, viable alternative energy movement, involving major global companies, many operating at the cutting edge of technological advancements.

As part of this evolution, the risks to the sector have been growing too, both in terms of prevalence and complexity. This is especially true for socio-technological and cyber-related risks. The current and emergent cyber risk landscape is one of an aggressive nature; it requires all organisations, especially energy companies, to regularly identify, review and address the multitude of complex cyber-related threats to their enterprise, or risk their adverse impact.

In June 2017, GE Renewable Energy announced that it had signed a cybersecurity agreement with Invenergy to protect its wind farms in “one of the largest cybersecurity deals in the history of the Industrial Internet” worth $13M over ten years. The wind turbines will be digitally upgraded and protected with the use of Wurldtech’s Opshield technology and a security programme to maintain, update and patch software of all existing, and future, wind farms for the duration of the 10-year agreement.

In early July 2017, Bloomberg cited a recently released US Energy Information Administration report which declared that “for the first time in more than 30 years, America’s nuclear plants have fallen behind wind farms, solar panels and other renewable energy suppliers as a source of electricity.”

In addition, towards the end of July 2017, at the annual Black Hat USA “hacking conference” in Nevada USA, researchers from the University of Tulsa will present their findings of a two-year study into hacking of wind farms, complete with demonstrations of their bespoke software tools which have been designed to deny or degrade control and operation of wind turbines, including the ability for inflicting physical damage.

Stratia Consulting has recent and direct experience of the renewable energy sector and is in a prime position to support and facilitate our clients to better understand and respond to the risks, and opportunities, of the complex and evolving challenges of cyber security across the renewable energy sector. Please feel free to contact us for more information.

Cyber Security Competent Independent Organisations

Stratia Consulting is a Competent Independent Organisation, with proven experience and delivery within the Energy Sector. The UK Gas Act 1986 and the UK Electricity Act 1989 include a regulatory mandate for energy suppliers to use an independent Competent Independent Organisation (CIO) to conduct an annual assessment and security review of their Smart Metering Technical Specification End-to-End system (SMETS-E2E). The SMETS-E2E is considered to be secure when the system, and each individual element of it, is designed, installed, operated and supported to ensure effective compliance to the Appropriate Standard, identified as ISO 27001.

In 2016, the Chief executive of Smart Energy GB noted that smart metering is "the biggest behavioural change programme that this country has seen."Stratia Consulting is a Competent Independent Organisation, with proven experience and delivery within the energy sector; as a founding NCSC Certified Cyber Security Consultancy, we are also certified under the scheme to provide Risk Management and Risk Assessment services.

Stratia Consulting Can Help

Renewable Energy Agreement

In June 2017, GE Renewable Energy announced that it had signed a cybersecurity agreement with Invenergy to protect its wind farms in "one of the largest cybersecurity deals in the history of the Industrial Internet" worth $13M over ten years.